Love it or hate it the vast majority of us are constantly connected to the Internet to communicate with others and conduct business. Improved battery, chip and wireless technologies combined with reasonably priced smart phones, tablets, readers and gaming devices have allowed the digital world to permeate into almost every facet of our lives.
And, as more people migrate to mobile and cloud services for communication and commerce, cybercriminals will continue to increase the number of threats they produce.
Did you know...
- there are almost 4.57 billion active Internet users and 8.3 billion mobile subscribers worldwide;
- 682 million tweets, 26 billion text messages, and over 300 billion emails are sent every day;
- Hackers attack every 39 seconds, on average 2,244 times a day;
- 46% of organizations got all of their malware via email;
- about 300 million phishing emails are sent each day;
- Android devices are responsible for 47.15% of observed malware infections, Windows/ PCs for 35.82%, IoT [Internet of Things] for 16.17% and iPhones for less than 1% per Panda Security;
- 56% of Americans don’t know what steps to take in the event of a data breach.
The Cloud
You’ve probably heard about the cloud and this topic alone could be a long article as far as security ramifications. There are advantages and disadvantages of using the cloud so make sure you do some homework before you jump into this technology.
Basically cloud computing is a subscription-based service where you can obtain networked storage space and computer resources. US-CERT.gov explains one way to think of cloud computing is similar to web based email providers. Gmail, Yahoo, Hotmail and others take care of housing all of the hardware and software necessary to support your personal email account.
When you want to access your email you open your web browser, go to the email client, and log in. The most important part of the equation is having internet access. Your email is not housed on your physical computer; you access it through an internet connection, and you can access it anywhere.
However, when you use the cloud you have limited control over who has access to your information and little to no knowledge of where it is stored. You also must be aware of the security risks of having data stored on the cloud. The cloud is a big target for malicious individuals and may have disadvantages since it can be accessed through an unsecured internet connection.
Mobile payment systems, apps, etc.
Many analysts predict mobile technology and smartphones are moving us towards a cashless system. Apps and programs make smartphones function as debit, credit and loyalty cards so users don’t have to carry plastic anymore in various countries.
Symantec predicts mobile devices will become more valuable as cell providers and retail stores transition to mobile payments. Criminals will use malware to hijack payment information from people in retail environments or continue to try to crack into services like eWallet and others. And low-tech crime like stealing phones will increase too.
Smartphone and tablet apps come in handy for mobile payments, banking, home security systems and other aspects of day-to-day living, however … keep in mind if you lose your phone (or it’s stolen) and you don’t have it programmed with a way to locate, lock and/or erase your data remotely, you run the risk of identity theft or worse since someone may gain access to your physical home too.
Tips to help secure your PC and handheld devices
- Make sure computers and wireless devices have current anti-virus software and firewalls, schedule them to scan daily or weekly, and update virus patterns often. Encourage employees to protect their personal home devices too.
- As mentioned earlier, Android devices attract almost 50% of malware compared to other phone operating systems, and a security memo from the Department of Homeland Security and the FBI highlights the three most prominent security threats: SMS text messaging Trojans; rootkits (which log a user's locations, keystrokes or passwords); and "fake Google Play domains." It is critical to learn how to secure your handheld devices with strong passwords, use caution when texting or clicking links and keep your security software updated.
- Increasing amounts of data are being stored on mobile devices - including confidential business data - however, devices are often unprotected with a PIN and the data is seldom encrypted. At the same time, these devices are easy to lose and easier to steal, so there's an increasing risk of data leakage. Companies need to ensure their BYOD (Bring Your Own Device) policies include anti-malware, whitelisting, encryption, centralized policy management and enclosing of personal and business data.
- If you use a wireless router to access the Internet, secure it. Change the name of your router from the default ID (usually SSID or ESSID) to a name that is unique to you and won’t be easily guessed by others. Change the preset password on your router to a long and strong password with letters, numbers and a symbol or 2. Also set your router’s level of security to either WPA2, if available, or WPA since they are more secure than the WEP option. And finally, some routers allow for guests to use the network via a separate (or guest) password. If you have kids or many visitors in your home, it’s a good idea to set up a guest network.
- Set security preferences as high as possible on Internet browsers and anti-virus packages.
- Although it is best to not open emails or attachments from unknown sources, that’s not always feasible - esp in the business world. But consider saving attached files into a temp directory and scan them before opening.
- Create long passwords using a combination of letters, numbers and special characters, change them often and don’t share them with others. And don't use the same password for everything!
- Don’t access financial institutions from mobile devices using apps or email links. Instead, visit banking and credit card sites directly using a browser window. And limit the use of apps on social networking sites too since they can have security weaknesses and flaws.
- Speaking of credit cards, check the backs of your cards to see if they have radio-frequency identification chips (RFID) or Near Field Communication (NFC) chips that are embedded in credit and debit cards. (Visa calls its technology payWave, MasterCard dubs it PayPass, Discover brands it Zip, and American Express calls it ExpressPay,) If any of your cards have a phrase, symbol or chip, consider using RFID-blocking shields or wallets, which generally use aluminum or steel to keep out prying eyes. There are even instructions on the Web for how to give your existing wallet RFID-inhibiting protection using duct tape and aluminum foil.
- Be aware there are lots of “scareware” scams online! Do NOT download or click on a screen that says it found “X number of viruses or spyware on your system” suggesting you download their package -- it will most likely be a virus.
- Beware of “ransomware” (malware that prevents you from using your computer until you pay a fine) and “madware” (mobile adware – esp. apps - that can potentially expose location details, contact data, and device identifiers to cybercriminals) since they are predicted to be major issues going forward.
- Also beware of “smishing” (a combination of SMS texting and phishing) and “vishing” (voice and phishing) scams. Typically these involve you receiving a text message or an automated phone call on your cell phone saying there’s a problem with your bank account. You are given a phone number to call or a website to log into and asked to provide personal identifiable information—like a bank account number, PIN, or credit card number—to fix the problem. Don’t respond to unsolicited e-mails, texts or phone calls requesting personal data, and never click on links or attachments contained within unsolicited e-mails or messages.
- Backup data often and keep a daily or weekly backup off-site.
- Make sure someone knows how to download patches or fixes in case a computer or system gets infected.
- If your business or employer is hacked, file a complaint with the Internet Crime Complaint Center at www.ic3.gov
Learn more about Internet safety at www.staysafeonline.org or www.onguardonline.gov or www.us-cert.gov.